malwarewikiaorg-20200223-history
Hurr-Durr
Hurr-Durr was a joke website with a fan-made trojan (executable) which infected Microsoft Windows by exploiting browser vulnerabilities. It worked with Internet Explorer, Firefox, and Chrome. The website did not harm the user's computer (the fan-made trojan is the exception), but it could get annoying. As of 2017, the website no longer works; however, an archived version can be visited through the Web Archive.

"Hurr" or "Hurr Durr" is a word or series of words used to mock something that is subpar, unintelligent or unentertaining, or alternatively, to express sarcastic laughter.

Payload

Website

When the website is opened, an animated image of a dancing bulldog is displayed and the site plays an audio file of a song called "Chacarron Macarron". Once the JavaScript payload fully loads, the browser window begins to move randomly. This functionality only works on older versions of Internet Explorer and may not work on other browsers. Whenever a user attempts to close the tab or window, the site generates a dialogue box, which prevents the browser from being closed.

This is very similar to the "You Are An Idiot" virus in that it doesn't harm the system and merely aggravates the user. Unlike "You Are An Idiot", the site does not block Task Manager or alternative closing methods (such as Alt-F4 or taskkill), so it is easy to close the browser by using Task Manager.

Hurr-Durr's payload may not work on browsers other than older versions of Internet Explorer. On Microsoft Edge, attempting to close the tab or the window results in a hang: if other tabs are open, the tab freezes for about 5 seconds and then closes. On Firefox, the window hangs entirely, and the only way to stop this is to end Firefox's task in Task Manager.

Executable

The executable version was made by YouTuber TechologicalByte (Gigabyte_Forever), and it mimics some payloads from MEMZ, PCToaster and the Sasser worm.
It attempts to open the Hurr-Durr website and many other applications. After that, it tries to delete System32 and the registry, and then tries to terminate "lsass.exe" to reboot the computer after a minute. After a reboot, Windows will fail to start due to the deleted files and registry entries (assuming the deletion was not automatically stopped by modern versions of Windows). This is only recoverable if the user restores their PC from a Windows image or reinstalls the operating system. This variant is intended to cause damage.

Removal Process (Website)

Internet Explorer: Open Task Manager, navigate to Details (on Windows 8 and later) or Processes (on Windows 2000 to Windows 7), then find the process iexplore.exe and terminate it.

Chrome/Firefox: Simply click the Close button on the browser window.

Microsoft Edge: When the tab with Hurr-Durr.com is closed, it usually takes a while for the tab or browser window to close.

References

Saberceleration, Y F., Know Your Meme, Hurr-Durr. 2011